Upcoming Virtual and In-Person Educational Events for Patients and Medical Professionals ➜ VIEW NOW

Learn about tick-borne illness, how it can become chronic, the challenges with traditional treatment options, and how patients can begin healing.

Privacy Policy

What's covered in the privacy policy?
    Add a header to begin generating the table of contents
    Scroll to Top

    Who We Are

    Gordon Medical Associates (GMA) is a U.S. based provider of health care services and supplies in San Rafael, California. This business is owned by Eric Gordon, MD and Nafysa Parpia, ND.

    Clinic Director – Eric Gordon, MD
    Director of Naturopathic Medicine
    – Nafysa Parpia, ND

    Gordon Medical Associates
    Montecito Plaza
    361 Third Street, Suite J
    San Rafael, CA 94901 USA
    (707) 575-5180


    Gordon Medical Associates provides Websites for general information, education, and contact details. We also offer a Patient Portal service – via our medical system provider – that allows patients to view their health-related information and maintain communication with our practitioners and staff.

    This Privacy Statement applies to our Websites and the Patient Portal privacy practices, and describes how information is collected from your use of them, pursuant to HIPAA and GDPR Privacy Regulations.

    Our use and disclosure of an individual’s personal information (including health information) is limited as required by state and federal law. We do not sell or rent personal information about visitors to the Websites.

    We are committed to protecting the privacy of the users of the Websites and the Patient Portal.


    The Websites and Patient Portal have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control both during transmission and once the information is received. These measures include SSL data encryption, brute force protection, malware scanning, and others.

    Website Visitor Data

    In addition to web logs, described below, we gather data on website activity, such as how many people visit the Websites, the pages they visit, where they come from, how long they stay, etc. The data is collected on an aggregate basis, which means that no personally identifiable information is associated with the data. This data helps us improve our content and overall usage. The information is not shared with other organizations for their independent use.

    Collecting, Disclosing, and Revoking Collection of Personal Information

    Except as below, we do not collect any personally identifiable information about visitors to our Websites or Patient Portal.

    1. Information collection, use and disclosure (Patient Portal only)

    This following basic information is verbally-requested by our onboarding staff as part of signing-on with our practice.

    • demographic information such as name, email address, mailing address, phone number, age, date of birth
    • health or medical information
    • credit card information

    We use and disclose this information to:

    • communicate your health information, or the health information of someone you are caring for, to providers treating you or the other person
    • communicate to you the health information of others you are authorized to act on behalf of
    • pay for supplements or medical bills
    • ship supplements or test kits
    • send you requested product or service information
    • administer your account
    • send you newsletters, text messages or email communications (including appointment reminders)
    • respond to your questions and concerns

    When you provide us with personal information about dependents and family members, we will only use this information for the specific reason for which it is provided.

    Requests to remove key personal information will result in diminished or loss of available services to you.

    You can read the Portal Provider’s Privacy Policy when you sign up to create an account.

    2. Web logs

    As is true of most websites, we gather certain information automatically. Our Website platforms maintains standard web logs that record data about all visitors and customers who use the Websites. These logs may contain the IP address which is automatically assigned to your computer when you get on the Internet (a static IP address may be identifiable as being connected to you, while a dynamic address is usually not identifiable); the type of browser and operating system you use; the date and time you visited; how you arrived at our Website(s); and the pages you viewed.

    Our Websites platform logs are stored securely at our hosting provider. This information is used to give insights for what information is popular/useful, and in order to help us provide the best service. Patients who utilize the Patient Portal will have similar logging undertaken by the Portal provider – these logs are not under our control or policies. You can read the Portal Provider’s Privacy Policy when you sign up to create an account.

    3. Cookies

    Our Websites and the Patient Portal may place temporary Internet “cookies” on the devices of visitors. The cookie consists of a unique identifier that does not contain information about your health history or personal information.

    These are temporary session cookies, and allow for a consistent experience on our Website and the Patient Portal, such as maintaining your signed-in status as you navigate between pages.

    You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Websites or the Patient Portal may not work properly for you. For instructions on how to remove cookies from your device, go to your device’s (or web browser’s) website for detailed instructions. EdgeSafariChromeFirefox, and Internet Explorer are commonly used browsers.

    4. Emails and SMS text messaging

    Our Websites use contact forms that require you to enter a name and an email address, as well as a brief question or message. This information is not retained on our Websites; it is retained on our external email server. Due to the inherent insecurity of email, we highly advise not to detail sensitive/medical information over this medium. The information is solely used to respond to the message.

    The Patient Portal uses a third-party vendor to offer appointment reminders via email and text messaging. Your email address or telephone number is never used for any purpose other than to communicate with you on our behalf.

    You may revoke permission at any time to send you emails or text messaging by contacting our office.

    5. Patient Portal messaging notifications

    Secure Messages sent via the Patient Portal are internal to the medical system services. No data is transferred out of the system with the messages, with the exception of a notification email to the account’s email address, if any. This notification contains no identifiable information other than the email address itself. The Patient Portal Secure Messaging is irrelevant to the aforementioned regulations as it is not transported nor shared, with the exception of the email notification.

    Patient Portal accounts that have an email address entered will receive notifications of new Secure Messages for pickup or appointment reminders. Secure Messages are only visible to the Patient Portal account holder and our staff.

    You may choose to no longer receive notifications from the Patient Portal by requesting to our office that we remove your email address from your account. Please note that this will result in a degraded experience with the Patient Portal, such that you will no longer receive notifications of new Secure Messages from our practice, nor receive appointment reminders via email, and will not be able to self-reset your password.

    6. Patient Portal credit card transactions

    If you provide us with your credit card number for services your credit card number will be encrypted and tokenized by our payment processor within the system. Billing staff will only be able to see the last-4 digits and expiry date. You will be able to see the same information within the Patient Portal.

    You may request to remove a credit card on file by contacting our office. Please note that this may disrupt future appointments, as it is a requirement of our practice that you have a valid credit card on file for security.

    7. Third-party disclosures

    We may also disclose your personal information to third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us. These services may include:

    • payment processing
    • communications
    • providing cloud computing infrastructure

    We may also disclose your personal information:

    • when we believe in good faith that disclosure is necessary to protect our rights, protect you or others from threats of imminent harm, investigate fraud or other activity in violation of the law, or respond to government requests (including to meet national security or law enforcement requirements)
    • for Workers’ Compensation, Veteran’s Affairs, and similar program requests

    Requests to remove key personal information will result in diminished or loss of available services to you.

    8. Data retention

    Our Website will retain no information on your browsing habits other than already detailed in the relevant sections above. If your browser is configured to store preference information, you may choose to clear your browser’s cache.

    The Patient Portal will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    9. Social Media

    Our Websites include ‘social media’ features, such as the Facebook® button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy statement of the company providing them and are not affiliated with Gordon Medical Associates. You may choose to configure your internet browser to block cookies and features offered by these third parties, and are advised this may affect your experience on our site.

    10. Links to third party websites

    Our Websites include links to articles, video, audio, resources, or full websites provided by non-affiliated entities whose privacy practices may differ from those of ours. If you submit personal information to any of those sites, your information is governed by their privacy statements. Please see the Privacy Policy of the linked site(s). We encourage you to carefully read the privacy statement of any website you visit. This also extends to the online pharmacies that we recommend to you.

    Questions, Complaints, and Contact

    If you have any questions about this Privacy Statement, or our policies and practices concerning the Websites, you can contact us by mail at: Clinic Director, Gordon Medical Associates, 361 Third Street, Suite J, San Rafael, CA 94901, USA.

    Changes to the Privacy Policy

    Gordon Medical reserves the right to modify this Privacy Policy at any time, however, should we change the Privacy Policy in a material way, a notice will be posted on our website along with the updated Privacy Policy. If you disagree with the changes, you may terminate your Services.